As of today, October 14, 2025, Microsoft is officially ending support for Windows 10. This means that Windows 10 devices will no longer receive security or feature updates, nor technical support from...

We’re excited to announce a key milestone in Defender’s multi-tenant management journey—Microsoft Defender for Endpoint security policies can now be distributed across multiple tenants from the Defen...

Network isolation refers to how Microsoft Defender for Endpoint restricts a compromised device’s communication within the network in order to contain threats and prevent lateral movement. But oftenti...

Microsoft has a long-standing relationship with MITRE and holds deep respect for the unique role that the organization plays within the security ecosystem.  MITRE ATT&CK® Evaluations have been instru...

Enhancing macOS security with behavior monitoring  As attackers become more sophisticated in today’s rapidly evolving threat landscape, security strategies must continue to innovate to keep pace. F...

Create and manage global exclusions for Linux  Global exclusions for Microsoft Defender for Endpoint on Linux are now generally available. This will allow security teams to create and manage exclus...

Protecting critical assets  Traditional security solutions often operate in a one-size-fits-all alert model that treats every detection equally, regardless of how important the asset is. But not al...

The rise of tampering attacks In cybersecurity, anti-tampering protection refers to the defensive measures designed to prevent unauthorized modifications to security systems, policies, and settings...

The modern threat landscape is rapidly evolving, with new attack strategies being employed at greater frequency and volume than we have seen in the past. One such tactic we have recently observed acr...

Endpoint security solutions collect large amounts of data from across your network in order to detect intruders. These signals are quickly processed to generate prompt, valuable security alerts and i...